Google+ to Shut Down After Data Breach Cover-Up Exposed

by Gavin Hanson

Google announced the end of its social platform Google Plus after a Monday Wall Street Journal report detailed the cover-up of a breach that exposed users’ data.

In a breach described as “Cambridge Analytica-style” by Financial Times social media and cyber security reporter Hannah Kuchler, Google Plus user data was exposed for hundreds of thousands of users. The WSJ report indicated that for a period of three years, personal data was accessible by hackers without a single indication from Google Plus or Google’s holding company, Alphabet, that anything was amiss.

Google published a blog post Monday to explain the breach and the “sunsetting” of Google Plus.

Google Plus has been partitioned into different functions since it became clear in 2015 that the app would not be able to compete with Facebook. Though some smaller portions of Google Plus will continue on, its consumer aimed, main portion is due to shut down over the course of the coming months. “To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data,” Ben Smith, a Google fellow and vice president of engineering, wrote in the blog post.

The breach, which began in 2015 and remained viable until spring 2018, was hidden from public knowledge for fear that it would bring on “regulatory scrutiny and cause reputational damage” in the way Facebook’s breach did in 2018, according to the WSJ report.

Smith admitted to the allegations of WSJ that the data exposure was realized in the spring and left undisclosed until now. “[W]e cannot confirm which users were impacted by this bug,” he wrote. “However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected.”

An Application Programming Interface, or API, is the system by which apps interact with each other. It is through an API that, according to Google, personal data such as a name, email address, occupation, gender and age were accessible where it should not have been. Although Google claims it found no evidence of misuse of this or similar data, its blog post admits that “438 applications may have used this API,” and therefore had access to the information in these fields.

“In the coming months, we’ll roll out additional controls and update policies across more of our APIs,” Smith wrote.

– – –

Gavin Hanson is a reporter for the Daily Caller News Foundation.Follow Gavin on Twitter.

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.